The consequences of antivirus missing a zero-day ransomware attack are calamitous enough that many individuals and businesses choose to supplement standard antivirus protection with a separate ransomware protection app. Some such apps work by preventing unauthorized changes to protected folders, while others apply behavioral analysis to detect encrypting ransomware. NeuShield Data Sentinel makes no attempt to detect ransomware! Instead, it focuses on reversing the effects of a ransomware attack. It did a fine job in our testing, though it does have some limitations.
At $23.99 per year, Data Sentinel is a little on the pricey side. Check Point ZoneAlarm Anti-Ransomware goes for $14.95 per year. CryptoPrevent costs almost the same, at $15 per year. You can get three Data Sentinel licenses for $59.99 per year, or five for $79.99. At that five-license level, its per-device price is about the same as the other two. Trend Micro RansomBuster remains free. The positive side of paying for protection is that NeuShield isn’t likely to vanish due to lack of income. Furthermore, its substantial online management console justifies the ongoing yearly subscription charge.
Malwarebytes Premium. As for Heilig Defense RansomOff, its web page just says “RansomOff will be back at some point.”
In addition to the consumer security world, a few ransomware protection tools come from enterprise security companies that decided to do the world a service by offering just their ransomware component as a freebie for consumers. And quite a few of those have also fallen by the wayside, as companies find that the free product eats up support resources. For example, CyberSight RansomStopper is no longer with us, and Cybereason RansomFree has likewise been discontinued.
Bitdefender Anti-Ransomware is gone for a more practical reason. While it existed, it took an unusual approach. A ransomware attacker that encrypted the same files twice would risk losing the ability to decrypt them, so many such programs leave some kind of marker to avoid double-dipping. Bitdefender would emulate the markers for many well-known ransomware types, in effect telling them, “Move on! You’ve already been here!” This approach proved too limited to be practical. CryptoDrop, too, seems to have vanished.
Unlike any other ransomware protection product I’ve seen, Data Sentinel includes a remote management console. That being the case, it makes sense that you start by signing up for an online account. Next, you purchase the product, or enter a license key, and download the installer.
The website generates an installer that’s specific to your account, so you don’t have to sign in after the quick installation. Once it’s installed, it starts protection immediately. Specifically, for each user it protects the files in these folders: 3D Objects, Contacts, Desktop, Documents, Music, Pictures, Saved Games, and Videos. Clicking Anti-Ransomware in the menu lets you see the list of protected folders. You can’t remove folders from that initial group, but you can add custom folders to the protection list.
Data Sentinel also protects the local folder manifestations of popular cloud services, if they’re present. Specifically, it protects Box, Dropbox, Google Drive, OneDrive, and OneDrive for Business.
Webroot SecureAnywhere AntiVirus also handles ransomware (and other malware) by virtualizing its actions. It eliminates known malware immediately, leaves known good software alone, and monitors unknowns, journaling all system changes. It also sends its observations to Webroot’s cloud for analysis. If the monitored program turns out to be malware, the local agent wipes it out and rolls back all its changes.
Data Sentinel commits files on a regular basis—every 24 hours by default. Here, committed means Data Sentinel applies the pending changes to the actual file. What happens if files get committed after encryption? Data Sentinel maintains previous file versions, which it calls Data Engrams. By default, it maintains up to seven Data Engrams for each file.
Data Sentinel doesn’t automatically commit files over the weekend, because ransomware attacks often target end-of-day Friday for their dirty deeds. If you’re sure the files in a protected folder are all fine, you can manually commit them at any time.
With Data Sentinel installed, Windows Explorer gets a few changes in its handling of files and folders. When you right-click a protected folder, you’ll find a NeuShield menu item, with submenus to revert or commit changes to that folder. In the Properties menu for a protected file, a NeuShield page lists all that file’s Data Engrams, with the option to restore to previous versions. Note that restoring an earlier version discards all later versions. Use this ability carefully.
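To make the commit, revert, and restore rules above concrete, here is a toy model added for illustration; it is not NeuShield's code, and the class, method names, dates, and file contents are all constructed assumptions. It follows only the behavior described here: pending changes, a 24-hour commit with no automatic weekend commits, up to seven Data Engrams, and a restore that discards later versions.

```python
from datetime import datetime, timedelta

MAX_ENGRAMS = 7                        # default: up to seven Data Engrams per file
COMMIT_INTERVAL = timedelta(hours=24)  # default: commit every 24 hours

class ProtectedFile:  # hypothetical model, not the product's API
    def __init__(self, content, now):
        self.committed = content       # the "actual file"
        self.pending = None            # change not yet committed
        self.engrams = []              # earlier committed versions, oldest first
        self.last_commit = now

    def write(self, content):
        self.pending = content         # any process, ransomware included

    def read(self):
        return self.committed if self.pending is None else self.pending

    def commit(self, now):
        if self.pending is not None:
            self.engrams = (self.engrams + [self.committed])[-MAX_ENGRAMS:]
            self.committed, self.pending = self.pending, None
        self.last_commit = now

    def auto_commit(self, now):
        # Assumption: "weekend" means Saturday and Sunday (weekday() 5 and 6).
        if now.weekday() < 5 and now - self.last_commit >= COMMIT_INTERVAL:
            self.commit(now)
            return True
        return False

    def revert(self):
        self.pending = None            # throw away uncommitted changes

    def restore(self, index):
        self.committed = self.engrams[index]
        self.engrams = self.engrams[:index]  # later versions are discarded
        self.pending = None

def demo():
    t = datetime(2024, 1, 5, 9, 0)     # constructed date: a Friday
    f = ProtectedFile("report v1", t)
    f.write("ENCRYPTED")               # files encrypted late Friday
    skipped = [f.auto_commit(t + timedelta(days=d)) for d in (1, 2)]  # Sat, Sun
    f.revert()                         # case A: caught before any commit
    case_a = f.read()
    f.write("ENCRYPTED")
    f.auto_commit(t + timedelta(days=3))  # case B: Monday commit applies bad data
    f.restore(len(f.engrams) - 1)      # newest Data Engram is the clean copy
    return skipped, case_a, f.read()
```

In both cases the clean content comes back; what the model cannot recover is any legitimate edit that was still pending when the revert happened.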
Clicking NeuShield Explorer in the main window brings up a Windows Explorer view that only displays protected folders, making them easier to find. This is also where you invoke One-Click Restore—more about that shortly.
Some kinds of malware hide in the background, exfiltrating your personal data, forcing your computer to participate in a bot army, or using your resources to mine cryptocurrency. The longer they can go undetected, the better.
Ransomware is totally different. Once it has done its nefarious work, it needs to get your attention, explain what happened, and tell you how to pay the ransom. Ransomware announces itself, so there’s no need to detect it… as long as you’re prepared to undo its damage.
When ransomware gets in your face, demanding money, you can just ignore it—if you have Data Sentinel installed. You can right-click any protected folder and choose to revert its files back to their clean, unencrypted state. If the ransomware process is still active, you can put the recovered files in lockdown for a specified period—15 minutes by default. In lockdown, the files are protected from any change by any process.
As for the ransomware itself, you handle that with a feature called One-Click Restore. In earlier editions, this feature relied on the System Restore function built into Windows to restore your system to the way it was yesterday, without touching your documents and settings. The current version no longer depends on System Restore. According to NeuShield, this makes the restoration process as much as 10 times faster.
I installed Data Sentinel on a virtual machine for testing. No way would I release actual ransomware on a physical computer! Once it was up and running, I hit it with a collection of real-world file-encrypting ransomware, one at a time. After finishing with each sample, I reverted the virtual machine to a safe state.
As always, a few of the ransomware samples just didn’t perform. Perhaps they recognized the presence of Data Sentinel. Those that did function did so completely, encrypting files in many locations. Most, but not all, displayed a ransom note, or changed the desktop background into a ransom note. Data Sentinel did nothing to stop them, as expected.
Kaspersky Internet Security includes a special keystroke to break the hold of screen lockers. Data Sentinel’s handling is more sophisticated.
The Data Sentinel online console lists all your protected devices (just one in my case) and offers access to detailed logs of client activity and account activity. It also lets you remotely control the local copy of Data Sentinel.
To recover from the screen locker, I first clicked the Device Details button. This revealed a multi-page collection of important details about the device’s hardware, network, and security, as well as the settings of the local Data Sentinel client. It also changed the Device Details button into a Restore/Revert button.
Trend Micro RansomBuster throws a slew of techniques into the ring. Its Folder Shield component prevents all unauthorized changes to files in protected folders, for starters. Its behavioral component detects ransomware activity in any folder. It also recovers files that got encrypted before behavioral detection kicked in. However, it didn’t fare well in testing.
The technique of preventing unauthorized changes can be quite effective, and it’s used by many general-purpose antivirus programs. As with Data Sentinel’s approach, this works without requiring detection of ransomware as such, provided the user doesn’t blindly authorize the wrong program.
Panda Dome Advanced takes that last concept a step further. It prevents unauthorized programs from all access, even read-only access. In addition to balking ransomware attacks, this technique could foil a data-stealing Trojan.
You install ransomware protection to handle a case where your main antivirus lets a zero-day attack slip past. A slick new attack like that just might elude behavior-based detection as well. With Data Sentinel, that attacker will encrypt your files, but you’ll almost certainly get them back.
Data Sentinel costs a bit more than the competition—in fact, some competitors are free. But its price gets you features not found anywhere else, in particular a high-powered online management console. In testing, it handled file-encrypting, disk-encrypting, and screen-locking ransomware. You do risk losing the current day’s changes, but that’s better than losing all your files. If you’re willing to pay for ransomware peace of mind, especially in a business setting, Data Sentinel can be an excellent choice.
At present, our Editors’ Choice ransomware protector is Check Point ZoneAlarm Anti-Ransomware. Yes, Data Sentinel reversed the effects of all the ransomware attacks we tried, but ZoneAlarm prevented those attacks from taking effect in the first place. Even so, Data Sentinel is a very good choice.